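<?php
// Admin login handler: checks the POSTed username/password against a static
// credential table, then either redirects back to login.php with an error
// stored in the session or marks the session as authenticated and redirects
// to dashboard.php.
session_start();

// Admin credential table, keyed by username.
// SECURITY: the password below is a plaintext secret committed to source, so
// anyone with read access to this file or its repository history can log in.
// Store only a password_hash() value outside the code base and switch the
// comparison below to password_verify(). Rotate this password once that is done.
$admin_users = [
    'admin' => [
        'password' => 'kidsmind2023', // plaintext; replace with a stored hash
        'name' => 'Administrator',
        'role' => 'admin'
    ]
];

// Accept only string fields. A request that sends username[]=x would otherwise
// pass an array to trim(), which raises an uncaught TypeError on PHP 8.
$username = (isset($_POST['username']) && is_string($_POST['username'])) ? trim($_POST['username']) : '';
$password = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : '';

// Compare against '' rather than using empty(), which also rejects the
// legitimate value "0".
if ($username === '' || $password === '') {
    $_SESSION['login_error'] = '请输入用户名和密码';
    header('Location: login.php');
    exit;
}

// Look up the account and compare the password in a single step so that
// unknown users and wrong passwords take the same code path and get the same
// message. hash_equals() compares in constant time for equal-length strings,
// unlike !==, which stops at the first differing byte.
$user_known = isset($admin_users[$username]);
$expected_password = $user_known ? $admin_users[$username]['password'] : '';
$password_matches = hash_equals($expected_password, $password);

// NOTE(review): no attempt throttling or lockout is visible in this file;
// confirm that failed logins are rate-limited and logged elsewhere.
if (!$user_known || !$password_matches) {
    $_SESSION['login_error'] = '用户名或密码不正确';
    header('Location: login.php');
    exit;
}

// Issue a fresh session ID at the privilege change so that an ID known before
// login (session fixation) does not become an authenticated session.
session_regenerate_id(true);

// Login successful: record identity and the activity timestamp in the session.
$_SESSION['admin_logged_in'] = true;
$_SESSION['admin_username'] = $username;
$_SESSION['admin_name'] = $admin_users[$username]['name'];
$_SESSION['admin_role'] = $admin_users[$username]['role'];
$_SESSION['admin_last_activity'] = time();

// Redirect to dashboard
header('Location: dashboard.php');
exit;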